.\"****************************************************************************
.\" Written by Chris Dunlap <cdunlap@llnl.gov>.
.\" Copyright (C) 2007-2013 Lawrence Livermore National Security, LLC.
.\" Copyright (C) 2002-2007 The Regents of the University of California.
.\" UCRL-CODE-155910.
.\"
.\" This file is part of the MUNGE Uid 'N' Gid Emporium (MUNGE).
.\" For details, see <https://munge.googlecode.com/>.
.\"
.\" MUNGE is free software: you can redistribute it and/or modify it under
.\" the terms of the GNU General Public License as published by the Free
.\" Software Foundation, either version 3 of the License, or (at your option)
.\" any later version.  Additionally for the MUNGE library (libmunge), you
.\" can redistribute it and/or modify it under the terms of the GNU Lesser
.\" General Public License as published by the Free Software Foundation,
.\" either version 3 of the License, or (at your option) any later version.
.\"
.\" MUNGE is distributed in the hope that it will be useful, but WITHOUT
.\" ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
.\" FITNESS FOR A PARTICULAR PURPOSE.  See the GNU General Public License
.\" and GNU Lesser General Public License for more details.
.\"
.\" You should have received a copy of the GNU General Public License
.\" and GNU Lesser General Public License along with MUNGE.  If not, see
.\" <http://www.gnu.org/licenses/>.
.\"****************************************************************************

.TH MUNGE 3 "@META_DATE@" "@META_ALIAS@" "MUNGE Uid 'N' Gid Emporium"

.SH NAME
munge_encode, munge_decode, munge_strerror \- MUNGE core functions

.SH SYNOPSIS
.nf
.B #include <munge.h>
.sp
.BI "munge_err_t munge_encode (char **" cred ", munge_ctx_t " ctx ,
.BI "                          const void *" buf ", int " len );
.sp
.BI "munge_err_t munge_decode (const char *" cred ", munge_ctx_t " ctx ,
.BI "                          void **" buf ", int *" len ", uid_t *" uid ", gid_t *" gid );
.sp
.BI "const char * munge_strerror (munge_err_t " e );
.sp
.B cc `pkg-config --cflags --libs munge` -o foo foo.c
.fi

.SH DESCRIPTION
The \fBmunge_encode\fR() function creates a credential contained in a
NUL-terminated base64 string.  A payload specified by a buffer \fIbuf\fR
of length \fIlen\fR can be encapsulated in as well.  If the MUNGE context
\fIctx\fR is NULL, the default context will be used.  A pointer to the
resulting credential is returned via \fIcred\fR; on error, it is set to NULL.
The caller is responsible for freeing the memory referenced by \fIcred\fR.
.PP
The \fBmunge_decode\fR() function validates the NUL-terminated credential
\fIcred\fR.  If the MUNGE context \fIctx\fR is not NULL, it will be set to
that used to encode the credential.  If \fIbuf\fR and \fIlen\fR are not NULL,
memory will be allocated for the encapsulated payload, \fIbuf\fR will be set
to point to this data, and \fIlen\fR will be set to its length.  An additional
NUL character will be appended to this payload data but not included in its
length.  If no payload exists, \fIbuf\fR will be set to NULL and \fIlen\fR
will be set to 0.  For certain errors (i.e., \fBEMUNGE_CRED_EXPIRED\fR,
\fBEMUNGE_CRED_REWOUND\fR, \fBEMUNGE_CRED_REPLAYED\fR), payload memory will
still be allocated if necessary.  The caller is responsible for freeing
the memory referenced by \fIbuf\fR.  If \fIuid\fR or \fIgid\fR is not NULL,
they will be set to the UID/GID of the process that created the credential.
.PP
The \fBmunge_strerror\fR() function returns a descriptive text string
describing the MUNGE error number \fIe\fR.

.SH RETURN VALUE
The \fBmunge_encode\fR() and \fBmunge_decode\fR() functions return
\fBEMUNGE_SUCCESS\fR on success, or a MUNGE error otherwise.  If a MUNGE
context was used, it may contain a more detailed error message accessible
via \fBmunge_ctx_strerror\fR().
.PP
The \fBmunge_strerror\fR() function returns a pointer to a NUL-terminated
constant text string; this string should not be freed or modified by
the caller.

.SH ERRORS
.TP
.B EMUNGE_SUCCESS
Success.
.TP
.B EMUNGE_SNAFU
Internal error.
.TP
.B EMUNGE_BAD_ARG
Invalid argument.
.TP
.B EMUNGE_BAD_LENGTH
Exceeded the maximum message length as specified by the \fBmunged\fR
configuration.
.TP
.B EMUNGE_OVERFLOW
Exceeded the maximum length of a buffer.
.TP
.B EMUNGE_NO_MEMORY
Unable to allocate the requisite memory.
.TP
.B EMUNGE_SOCKET
Unable to communicate with the daemon on the domain socket.
.TP
.B EMUNGE_BAD_CRED
The credential does not match the specified format.
.TP
.B EMUNGE_BAD_VERSION
The credential contains an unsupported version number.
.TP
.B EMUNGE_BAD_CIPHER
The credential contains an unsupported cipher type.
.TP
.B EMUNGE_BAD_MAC
The credential contains an unsupported MAC type.
.TP
.B EMUNGE_BAD_ZIP
The credential contains an unsupported compression type.
.TP
.B EMUNGE_BAD_REALM
The credential contains an unrecognized security realm.
.TP
.B EMUNGE_CRED_INVALID
The credential is invalid.  This means the credential could not be
successfully decoded.  More than likely, the secret keys on the encoding
and decoding hosts do not match.  Another possibility is that the credential
has been altered since it was encoded.
.TP
.B EMUNGE_CRED_EXPIRED
The credential has expired.  This means more than TTL seconds have elapsed
since the credential was encoded.  Another possibility is that the clocks
on the encoding and decoding hosts are out of sync.
.TP
.B EMUNGE_CRED_REWOUND
The credential appears to have been encoded at some point in the future.
This means the clock on the decoding host is slower than that of the
encoding host by more than the allowable clock skew.  More than likely,
the clocks on the encoding and decoding hosts are out of sync.
.TP
.B EMUNGE_CRED_REPLAYED
The credential has been previously decoded on this host.
.TP
.B EMUNGE_CRED_UNAUTHORIZED
The client is not authorized to decode the credential based upon the
effective user and/or group ID of the process.

.SH EXAMPLE
The following example program illustrates the use of a MUNGE credential to
ascertain the effective user and group ID of the encoding process.
.PP
.nf
#include <stdio.h>                      /* for printf() */
#include <stdlib.h>                     /* for exit() & free() */
#include <unistd.h>                     /* for uid_t & gid_t */
#include <munge.h>
.sp
int
main (int argc, char *argv[])
{
    char        *cred;
    munge_err_t  err;
    uid_t        uid;
    gid_t        gid;
.sp
    err = munge_encode (&cred, NULL, NULL, 0);
.sp
    if (err != EMUNGE_SUCCESS) {
        fprintf (stderr, "ERROR: %s\\n", munge_strerror (err));
        exit (1);
    }
    err = munge_decode (cred, NULL, NULL, NULL, &uid, &gid);
.sp
    if (err != EMUNGE_SUCCESS) {
        fprintf (stderr, "ERROR: %s\\n", munge_strerror (err));
        exit (1);
    }
    printf ("uid=%d gid=%d\\n", uid, gid);
    free (cred);
    exit (0);
}
.fi

.SH NOTES
Both \fBmunge_encode\fR() and \fBmunge_decode\fR() may allocate memory that
the caller is responsible for freeing.  Failure to do so will result in a
memory leak.

.SH AUTHOR
@META_AUTHOR@

.SH COPYRIGHT
Copyright (C) 2007-2013 Lawrence Livermore National Security, LLC.
.br
Copyright (C) 2002-2007 The Regents of the University of California.
.PP
MUNGE is free software: you can redistribute it and/or modify it under the
terms of the GNU General Public License as published by the Free Software
Foundation, either version 3 of the License, or (at your option) any later
version.
.PP
Additionally for the MUNGE library (libmunge), you can redistribute it
and/or modify it under the terms of the GNU Lesser General Public License as
published by the Free Software Foundation, either version 3 of the License,
or (at your option) any later version.

.SH "SEE ALSO"
.BR munge (1),
.BR remunge (1),
.BR unmunge (1),
.BR munge_ctx (3),
.BR munge_enum (3),
.BR munge (7),
.BR munged (8).
.PP
\fBhttps://munge.googlecode.com/\fR
